Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2023-72240
HistoryJul 19, 2023 - 12:00 a.m.

Linux kernel connection.c file out-of-bounds read vulnerability

2023-07-1900:00:00
China National Vulnerability Database
www.cnvd.org.cn
9
linux kernel
out-of-bounds read
connection.c
vulnerability
netbios header
smb header
ksmbd_conn_handler_loop

EPSS

0.001

Percentile

31.2%

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. An out-of-bounds read vulnerability exists in versions of Linux kernel prior to 6.3.8, which stems from the fact that fs/smb/server/connection.c does not validate the relationship between the length field of the NetBIOS header and the size of the SMB header via pdu_size in ksmbd_conn_handler_loop, which an attacker could exploit this vulnerability to cause an out-of-bounds read.

CPENameOperatorVersion
linux linux kernellt6.3.8